RE: [fw-wiz] on-the-fly-analysis vs. proxy rewrites

On Wednesday, February 08, 2006 1:27 AM, Darren Reed so wrote:

On Tuesday, February 07, 2006 12:50 PM, Dave Piscitello so spake:

An interesting exercise for this list - possibly a new thread? - is
"what security policies are best enforced by implementing
analysis" versus "what security policies are best enforced by proxy

How is one different to the other ?

How is a proxy not doing something "on the fly" ?

My sometimes jaded view is that the proxy rewrites the traffic to
conform to whatever the proxy writer wrote. Hopefully, that matches up
with some standard protocol to _provide_ the security. I.E. You get the
security from the proxy writer having rewritten your traffic. It's doing
*something,* true, but it's not "checking" anything. It's just not
re-writing any *bad* stuff.
firewall-wizards mailing list